Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lab Project #3: BufLab — Buffer Overflow Attacks

Published byTomas Keller Modified over 6 years ago

Similar presentations

Presentation on theme: "Lab Project #3: BufLab — Buffer Overflow Attacks"— Presentation transcript:

1 Lab Project #3: BufLab — Buffer Overflow Attacks
Hugh C. Lauer Department of Computer Science (Slides shamelessly adapted from Bryant & O’Hallaron) CS-2011, D-term 2013 Lab Project #3: BufLab

2 Objective and Approach
To gain a deeper understanding of IA-32 calling conventions and stack structure … … by devising a series of buffer overflow attacks on an executable file called bufbomb I.e., make a “cookie” show up in places in memory where it ordinarily would not show up Warning! What you are about to do would be highly illegal if carried out against someone else’s system outside of this class project! CS-2011, D-term 2013 Lab Project #3: BufLab

3 Obtaining Buflab See handout on course website
Check out a buffer bomb from You will get a tar.gz file containing three programs:– bufbomb — the bomb itself, customized for you makecookie — generates a “cookie” based on your ID hex2raw — converts a series of hexadecimal byte codes to a raw string containing an attack CS-2011, D-term 2013 Lab Project #3: BufLab

4 This Project Five levels of buffer attack For each one, you must:–
Write some C code based on your disassembly of the bufbomb binary Generate the corresponding IA-32 assembly code (gcc –s) and create an exploit string Convert this into a raw string to pass into stdin ( i.e., hex2raw) Successfully plant your cookie in bufbomb When successful, submit the exploit string to the online grading server (using the –s switch) CS-2011, D-term 2013 Lab Project #3: BufLab

5 Working on Buflab This is supposed to work on any Linux system
But bufbomb won’t link with CCC libraries! Must be submitted from CCC systems Will disable host name checking No penalty for mistakes Due date:–April 17, 2013, 11:59 PM CS-2011, D-term 2013 Lab Project #3: BufLab

6 Questions? CS-2011, D-term 2013 Lab Project #3: BufLab

Download ppt "Lab Project #3: BufLab — Buffer Overflow Attacks"

Similar presentations

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)

Buffer Overflows Nick Feamster CS 6262 Spring 2009 (credit to Vitaly S. from UT for slides)
15/18-213: Introduction to Computer Systems

15/18-213: Introduction to Computer Systems
Recitation 4 Outline Buffer overflow –Practical skills for Lab 3 Code optimization –Strength reduction –Common sub-expression –Loop unrolling Reminders.

Recitation 4 Outline Buffer overflow –Practical skills for Lab 3 Code optimization –Strength reduction –Common sub-expression –Loop unrolling Reminders.
Buffer Overflows By Tim Peterson Joel Miller Dan Block.

Buffer Overflows By Tim Peterson Joel Miller Dan Block.
Introduction to Computer Systems Topics: Staff, text, and policies Lecture topics and assignments Lab rationale and infrastructure 15-213 F ’08 class01b.ppt.

Introduction to Computer Systems Topics: Staff, text, and policies Lecture topics and assignments Lab rationale and infrastructure F ’08 class01b.ppt.
CSCI 3 CH 1.6. REMINDER Remember to put your Student ID # on your homework Remember to put your Student ID # on your homework If you are not going to.

CSCI 3 CH 1.6. REMINDER Remember to put your Student ID # on your homework Remember to put your Student ID # on your homework If you are not going to.
September 22, 2014 Pengju (Jimmy) Jin Section E

September 22, 2014 Pengju (Jimmy) Jin Section E
Efficient Instruction Set Randomization Using Software Dynamic Translation Michael Crane Wei Hu.

Efficient Instruction Set Randomization Using Software Dynamic Translation Michael Crane Wei Hu.
University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.

University of Washington CSE 351 : The Hardware/Software Interface Section 5 Structs as parameters, buffer overflows, and lab 3.
CS252: Systems Programming Ninghui Li Final Exam Review.

CS252: Systems Programming Ninghui Li Final Exam Review.
EECS 354 Network Security Introduction. Why Learn To Hack Understanding how to break into computer systems allows you to better defend them Learn how.

EECS 354 Network Security Introduction. Why Learn To Hack Understanding how to break into computer systems allows you to better defend them Learn how.
Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-

Security Exploiting Overflows. Introduction r See the following link for more info: operating-systems-and-applications-in-
Application Security Tom Chothia Computer Security, Lecture 14.

Application Security Tom Chothia Computer Security, Lecture 14.
Host and Application Security Lesson 10: Code Injection.

Host and Application Security Lesson 10: Code Injection.
Introduction and Overview Summer 2014 COMP 2130 Introduction to Computer Systems Computing Science Thompson Rivers University.

Introduction and Overview Summer 2014 COMP 2130 Introduction to Computer Systems Computing Science Thompson Rivers University.
Goals: To gain an understanding of assembly To get your hands dirty in GDB.

Goals: To gain an understanding of assembly To get your hands dirty in GDB.
CNIT 127: Exploit Development Ch 4: Introduction to Format String Bugs.

CNIT 127: Exploit Development Ch 4: Introduction to Format String Bugs.
Lab 10 Department of Computer Science and Information Engineering National Taiwan University Lab10 – Debugging II 2014/12/2 1 /16.

Lab 10 Department of Computer Science and Information Engineering National Taiwan University Lab10 – Debugging II 2014/12/2 1 /16.
CNIT 127: Exploit Development Ch 3: Shellcode. Topics Protection rings Syscalls Shellcode nasm Assembler ld GNU Linker objdump to see contents of object.

CNIT 127: Exploit Development Ch 3: Shellcode. Topics Protection rings Syscalls Shellcode nasm Assembler ld GNU Linker objdump to see contents of object.
C Lab 1 Introduction to C. Basics of C Developed by Dennis Ritchie in the 1970s. Maps very easily to machine instructions. Even allows inline assembly!

C Lab 1 Introduction to C. Basics of C Developed by Dennis Ritchie in the 1970s. Maps very easily to machine instructions. Even allows inline assembly!

Similar presentations

Ads by Google